Full Disclosure mailing list archives
RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST)
From: "Hudak, Tyler" <Tyler.Hudak () roadway com>
Date: Fri, 20 Jun 2003 13:13:01 -0400
Koec's "exploit" just executes the shell code on your own machine, as evidenced by this line: void(*b)()=(void*)shellcode;b(); All the rest of the program does is open a connection to the machine specified on port 80 and then close it down (as can be safely seen by removing that line). I'm not a shellcode expert, so someone else will have to say what it does, but its probably not pretty. Unless someone can correct me, I'd avoid running this. Tyler
Current thread:
- Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) koec (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) Michael (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) Eric Chien (Jun 20)
- RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) gml (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) David M. Wilson (Jun 23)
- RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) gml (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) Gareth Bromley (Jun 20)
- <Possible follow-ups>
- RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) Hudak, Tyler (Jun 20)
- RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) mattmurphy () kc rr com (Jun 20)
- Re: RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) Christian Friedl (Jun 21)